You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description of problem:
Currently in SSSD when you want to use only an id_provider and don't want to
use an auth_provider for a certain backend (for example NIS) you will need to
create an empty proxy_pam_target file. This is needed because if you leave the
auth_provider empty (because you aren ot using one) SSSD will assume the same
value applies as is used for id_provider and you are required to enter a value
for proxy_pam_target for SSSD to start up correctly.
Version-Release number of selected component (if applicable):
sssd-1.5.1-66.el6_2.3.x86_64
How reproducible:
Configure SSSD to use a backend that only requires an id_provider and leave the
auth_provider empty.
Steps to Reproduce:
1. Configure SSSD as follows:
[sssd]
config_file_version = 2
services = nss, pam
domains = lab
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75
pwfield = x
[pam]
[domain/lab]
id_provider = proxy
proxy_lib_name = nis
Note: there is no proxy_pam_target directive
2. Start up SSSD, you will see the following error:
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (7): Loading
backend [proxy] with path [/usr/lib64/sssd/libsss_proxy.so].
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (5): no module
name found in confdb, using [proxy].
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (7): Backend
[proxy] already loaded.
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [sssm_proxy_auth_init] (1): Missing
option proxy_pam_target.
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (0): Error
(22) in module (proxy) initialization (sssm_proxy_auth_init)!
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [be_process_init] (0): fatal error
initializing data providers
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [main] (0): Could not initialize
backend [22]
3. SSSD now does not function.
4. Now add proxy_pam_target to the lab domain:
[domain/lab]
id_provider = proxy
proxy_lib_name = nis
proxy_pam_target = sss_lab
5. Create an empty file /etc/pam.d/sss_lab
6. Start SSSD, you will see it start properly.
Actual results:
SSSD starts but "fake" configuration directives are needed to get it to start.
Expected results:
You can configure SSSD to not use an auth_provider so that it is clear from the
configuration file no auth_provider is used.
Additional info:
This ticket has been evaluated for inclusion into SSSD 1.10 release and was decided to be excluded since it does not match the main goals and themes of the release. It might be considered for later releases.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1339
https://bugzilla.redhat.com/show_bug.cgi?id=821894 (Red Hat Enterprise Linux 6)
Comments
Comment from dpal at 2012-05-17 15:17:04
Fields changed
blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
keywords: => easyfix
milestone: NEEDS_TRIAGE => SSSD Deferred
tests: => 0
testsupdated: => 0
upgrade: => 0
Comment from jhrozek at 2012-05-24 11:13:52
Ariel found out that the requested behaviour seems to have been already implemented.
From data_provider_be.c:
Moving back to NEEDS_TRIAGE mostly because of the associated RHBZ.
Comment from sgallagh at 2012-05-24 13:29:55
Fields changed
milestone: SSSD Deferred => NEEDS_TRIAGE
Comment from dpal at 2012-05-24 15:22:51
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.11 beta
Comment from dpal at 2012-08-16 13:38:29
Fields changed
proposed_priority: => Optional
Comment from sgallagh at 2012-08-16 14:08:44
Closing as WORKSFORME. The original bug was that the user was assuming that unspecified == none, which is not the case. I will update the BZ as well.
resolution: => worksforme
status: new => closed
Comment from dpal at 2012-09-04 23:25:15
This ticket has been evaluated for inclusion into SSSD 1.10 release and was decided to be excluded since it does not match the main goals and themes of the release. It might be considered for later releases.
Comment from dpal at 2013-01-02 15:23:36
Fields changed
milestone: SSSD 1.11 beta => SSSD 1.12 beta
Comment from sgallagh at 2017-02-24 14:25:34
Metadata Update from @sgallagh:
The text was updated successfully, but these errors were encountered: